Matt Wozniski wrote: >On Dec 3, 2007 2:05 PM, Charles E. Campbell, Jr. wrote: > > >>Assuming that I have an encrypt/decrypt function pair, the pid could be >>used as a single-session p/w that would be transparent to the user. I >>don't see any point in saving a ftp password but requiring the user to >>enter some other password to make the ftp password available. Such >>things as recording the hundredth of a second that vim/gvim started >>along with the pid would act as an improved session-only password. >> >> > >Sure, I understand that you could use it as a key to encrypt the >password, but what I'm really asking is what you gain from that. Is it >really more secure to have an encrypted string and its decryption key >stored in memory than it is to have an unencrypted string in memory? >Particularly on an open-source project where anyone who wants to can >view your source code? > >
Where's the part where I said I'd store the session pid in some variable? Something like getpid() would be called during encrypt/decrypt, not stored. Chip Campbell --~--~---------~--~----~------------~-------~--~----~ You received this message from the "vim_dev" maillist. For more information, visit http://www.vim.org/maillist.php -~----------~----~----~----~------~----~------~--~---
